// Locates two values the rest of the code depends on, appSysFactory and
// globalVarsBase, by pattern-scanning engine.dylib and fills glob with them.
//
// Background (from the original author's notes): both values are referenced
// inside engine.dylib's ClientDLL_Init(void). In the disassembly they are
// addressed as EBX + some_address, where EBX is loaded by the position-
// independent idiom near the start of the function: a relative CALL that
// looks like E8 00 00 00 00 pushes the next EIP onto the stack, and a
// following POP EBX loads that address into EBX. The scan therefore has to
// find the POP EBX site first, then the two EBX-relative loads.
//
// Returns true only if both glob.appSysFactory and glob.globalVarsBase
// ended up non-NULL; returns 0 (false) when either scan fails.
//
// NOTE(review): every pointer here is squeezed through `unsigned int`, so
// the function only works in a 32-bit process; the arithmetic is silently
// wrong on a 64-bit build.
bool getClientDLLInitVars() {
    embryo::signature popEBXSig(sigs::popEBXSigStr);
    embryo::sigscan popEBXScan(popEBXSig, *glob.engineMod);
    embryo::signature appSysFactorySig(sigs::appSysFactoryStr);
    embryo::sigscan appSysFactoryScan(appSysFactorySig, *glob.engineMod);
    // The 0x45 is a fixed distance from the scanned POP EBX site back to the
    // address that the POP actually loaded; it is a constant taken from the
    // disassembly and is not validated at runtime.
    unsigned int EBX = (unsigned int)popEBXScan.find() - 0x45;
    DUMP_VAR(EBX);
    // BUG: the NULL check is applied after the subtraction. If find()
    // returns NULL, EBX is 0 - 0x45 (a large non-zero value), so this branch
    // is never taken and the later dereferences read from a bogus address.
    // The result of find() should be tested before 0x45 is subtracted.
    if (!EBX) { embryo::log().error("popEbxScan returned NULL"); return 0; }
    unsigned char *appSysFactoryRes = (unsigned char *)appSysFactoryScan.find();
    if (!appSysFactoryRes) { embryo::log().error("appSysFactoryScan returned NULL"); return 0; }
    DUMP_VAR(appSysFactoryRes);
    // The matched instruction carries a 32-bit displacement starting at byte
    // offset 0x2; the second load is 0x8 bytes further on. Neither the
    // displacement nor the resulting address is bounds-checked against the
    // module, so a stale signature after a game update means an unchecked
    // read of arbitrary memory rather than a clean failure.
    glob.appSysFactory = **(CreateInterfaceFn **)(EBX + *(unsigned int *)(appSysFactoryRes + 0x2));
    glob.globalVarsBase = *(void **)(EBX + *(unsigned int *)(appSysFactoryRes + 0x8 + 0x2));
    DUMP_VAR(glob.appSysFactory);
    DUMP_VAR(glob.globalVarsBase);
    return glob.appSysFactory != NULL && glob.globalVarsBase != NULL;
}
/**
 * Dump the FM PCD parser register block through the driver's DUMP_* facility.
 *
 * @param h_FmPcd  Handle to an initialized FM PCD instance.
 *
 * @return E_OK after a local dump, the IPC status when the request had to be
 *         forwarded to the master partition, or an error code from the
 *         sanity checks (E_INVALID_HANDLE / E_INVALID_STATE).
 */
t_Error FM_PCD_PrsDumpRegs(t_Handle h_FmPcd)
{
    t_FmPcd        *p_FmPcd = (t_FmPcd*)h_FmPcd;
    t_FmPcdIpcMsg  msg;

    DECLARE_DUMP;

    /* A NULL p_FmPcdDriverParam means initialization has completed; dumping
       before that point is rejected as an invalid state. */
    SANITY_CHECK_RETURN_ERROR(p_FmPcd, E_INVALID_HANDLE);
    SANITY_CHECK_RETURN_ERROR(p_FmPcd->p_FmPcdPrs, E_INVALID_HANDLE);
    SANITY_CHECK_RETURN_ERROR(!p_FmPcd->p_FmPcdDriverParam, E_INVALID_STATE);

    /* Guest partitions do not own the parser registers: forward the request
       to the master over IPC and hand back its status. Only the message id
       is transmitted, this request carries no payload. */
    if (p_FmPcd->guestId != NCSW_MASTER_ID)
    {
        memset(&msg, 0, sizeof(msg));
        msg.msgId = FM_PCD_PRS_DUMP_REGS;
        return XX_IpcSendMessage(p_FmPcd->h_IpcSession,
                                 (uint8_t*)&msg,
                                 sizeof(msg.msgId),
                                 NULL,
                                 NULL,
                                 NULL,
                                 NULL);
    }

    /* Local shorthand so every register line names only the field; the
       expansion is exactly DUMP_VAR(<regs block>, <field>) as before. */
#define PRS_DUMP_REG(field) DUMP_VAR(p_FmPcd->p_FmPcdPrs->p_FmPcdPrsRegs, field)

    DUMP_SUBTITLE(("\n"));
    DUMP_TITLE(p_FmPcd->p_FmPcdPrs->p_FmPcdPrsRegs, ("FmPcdPrsRegs Regs"));

    /* Order is preserved from the original listing: output is the only
       observable effect of this function. */
    PRS_DUMP_REG(rpclim);
    PRS_DUMP_REG(rpimac);
    PRS_DUMP_REG(pmeec);
    PRS_DUMP_REG(pevr);
    PRS_DUMP_REG(pever);
    PRS_DUMP_REG(pevfr);
    PRS_DUMP_REG(perr);
    PRS_DUMP_REG(perer);
    PRS_DUMP_REG(perfr);
    PRS_DUMP_REG(ppsc);
    PRS_DUMP_REG(pds);
    PRS_DUMP_REG(l2rrs);
    PRS_DUMP_REG(l3rrs);
    PRS_DUMP_REG(l4rrs);
    PRS_DUMP_REG(srrs);
    PRS_DUMP_REG(l2rres);
    PRS_DUMP_REG(l3rres);
    PRS_DUMP_REG(l4rres);
    PRS_DUMP_REG(srres);
    PRS_DUMP_REG(spcs);
    PRS_DUMP_REG(spscs);
    PRS_DUMP_REG(hxscs);
    PRS_DUMP_REG(mrcs);
    PRS_DUMP_REG(mwcs);
    PRS_DUMP_REG(mrscs);
    PRS_DUMP_REG(mwscs);
    PRS_DUMP_REG(fcscs);

#undef PRS_DUMP_REG

    return E_OK;
}
// Entry point run once the library is loaded into the game process (the
// parameter name suggests it is used as a pthread start routine; the
// argument is never read). It sets up logging, resolves the engine
// interfaces it needs, locates CInput, then installs the VMT hooks.
//
// Always returns NULL: early exits below signal failure only through the
// log, and by then glob is partially populated and nothing is unwound.
//
// Points worth knowing before changing anything here:
//  - The return value of getClientDLLInitVars() is ignored. If it fails,
//    glob.appSysFactory may be NULL and the very next appSysFactory(...)
//    call is an indirect call through a NULL function pointer.
//  - glob.client is dereferenced to read its vtable without a NULL check.
//  - The embryo::module and embryo::vmt objects are created with `new` and
//    there is no matching delete in this function.
//  - All pointer math uses `unsigned int`, so this only works in a 32-bit
//    process.
void *init(void *__pthreadarg) {
    // Hard-coded, user-specific absolute log path; it will not exist on any
    // other machine and the logger's behaviour on a missing directory is not
    // visible here.
    embryo::log().init(embryo::logger::log_stdout | embryo::logger::log_file | embryo::logger::force_flush | embryo::logger::file_color, "/Users/scen/projects/osxinj/bin/Release/debug.log");
    glob.clientMod = new embryo::module("client.dylib");
    glob.engineMod = new embryo::module("engine.dylib");
    glob.matsurfaceMod = new embryo::module("vguimatsurface.dylib");
    glob.vgui2Mod = new embryo::module("vgui2.dylib");
    // Every versioned interface name is looked up in client.dylib, including
    // the ones later requested from the engine/app-system factories.
    // NOTE(review): presumably the client module imports all of these
    // strings; confirm, since a miss here yields a name the factory rejects.
    auto clientName = glob.getInterfaceName(glob.clientMod, "VClient0");
    auto engineName = glob.getInterfaceName(glob.clientMod, "VEngineClient0");
    auto cvarName = glob.getInterfaceName(glob.clientMod, "VEngineCvar0");
    auto vguiPanelName = glob.getInterfaceName(glob.clientMod, "VGUI_Panel0");
    auto entName = glob.getInterfaceName(glob.clientMod, "VClientEntityList0");
    auto modelRenderName = glob.getInterfaceName(glob.clientMod, "VEngineModel0");
    auto traceName = glob.getInterfaceName(glob.clientMod, "EngineTraceClient0");
    auto modelInfoName = glob.getInterfaceName(glob.clientMod, "VModelInfoClient0");
    auto surfaceName = glob.getInterfaceName(glob.clientMod, "VGUI_Surface0");
    auto matSysName = glob.getInterfaceName(glob.clientMod, "VMaterialSystem0");
    auto debugOverlayName = glob.getInterfaceName(glob.clientMod, "VDebugOverlay0");
    glob.clientFactory = glob.getInterfaceFactory(glob.clientMod);
    glob.engineFactory = glob.getInterfaceFactory(glob.engineMod);
    // Fills glob.appSysFactory / glob.globalVarsBase. Its bool result is
    // dropped, so a failed scan is not detected before the factory is used.
    getClientDLLInitVars();
    glob.client = (CHLClient *)glob.clientFactory(clientName, NULL);
    glob.engine = (CEngineClient *)glob.appSysFactory(engineName, NULL);
    glob.cvar = glob.appSysFactory(cvarName, NULL);
    glob.panel = (CPanel *)glob.appSysFactory(vguiPanelName, NULL);
    glob.ent = glob.clientFactory(entName, NULL);
    glob.modelRender = glob.appSysFactory(modelRenderName, NULL);
    glob.trace = glob.appSysFactory(traceName, NULL);
    glob.modelInfo = glob.appSysFactory(modelInfoName, NULL);
    glob.surface = (ISurface *)glob.appSysFactory(surfaceName, NULL);
    glob.matSystem = glob.appSysFactory(matSysName, NULL);
    glob.debugOverlay = glob.engineFactory(debugOverlayName, NULL);
    // Retrieve the CInput pointer. The original note says it is at
    // EAX + some offset inside the IN_ActivateMouse virtual method: the
    // first scan finds the relative call (E8 ...) there, the second the
    // EAX-relative load (8b 80 ...), each within a 0x100-byte window.
    // The NULL results of the interface lookups above are never checked
    // before glob.client's vtable is read here.
    unsigned int *clientVMT = *(unsigned int **)glob.client;
    embryo::sigscan inputBaseScan(embryo::signature("e8 00 00 00 00"), (void *)clientVMT[offsets::IN_ActivateMouse], 0x100);
    unsigned int inputBase = (unsigned int)inputBaseScan.find();
    DUMP_VAR(inputBase);
    if (!inputBase) return NULL;
    embryo::sigscan inputOffsetScan(embryo::signature("8b 80"), (void *)clientVMT[offsets::IN_ActivateMouse], 0x100);
    unsigned int inputOffset = (unsigned int)inputOffsetScan.find();
    DUMP_VAR(inputOffset);
    if (!inputOffset) return NULL;
    // 0x5 skips the matched call instruction; 0x2 is where the 32-bit
    // displacement of the matched load begins. Neither the displacement nor
    // the final address is validated, so a changed binary turns this into an
    // unchecked read of whatever sits there.
    glob.input = (void *)**(unsigned int ***)(inputBase + 0x5 + *(unsigned int *)(inputOffset + 0x2));
    DUMP_VAR(glob.client);
    DUMP_VAR(glob.engine);
    DUMP_VAR(glob.cvar);
    DUMP_VAR(glob.panel);
    DUMP_VAR(glob.ent);
    DUMP_VAR(glob.modelRender);
    DUMP_VAR(glob.trace);
    DUMP_VAR(glob.modelInfo);
    DUMP_VAR(glob.surface);
    DUMP_VAR(glob.matSystem);
    DUMP_VAR(glob.debugOverlay);
    DUMP_VAR(glob.input);
    rend.init();
    glob.nvar = netvar(glob.client);
    glob.nvar.init();
    // Virtual-table hooks on the panel and client interfaces. These are
    // never removed in this function; if the library is unloaded while the
    // hooks are installed the game calls into freed code.
    glob.panelHook = new embryo::vmt(glob.panel);
    glob.panelHook->hookMethod((void *)&hooks::hkPaintTraverse, offsets::PaintTraverse);
    glob.clientHook = new embryo::vmt(glob.client);
    glob.clientHook->hookMethod((void *)&hooks::hkWriteUsercmdDeltaToBuffer, offsets::WriteUsercmdDeltaToBuffer);
    return NULL;
}